//package com.example.resource.config;
//
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
//import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
//import org.springframework.security.oauth2.provider.token.TokenStore;
//import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
//
//import javax.sql.DataSource;
//
///**
// * @author novel
// * @date 2020/11/5
// */
//@Configuration
//@EnableResourceServer
//public class OauthResourceConfig extends ResourceServerConfigurerAdapter {
//    private final DataSource dataSource;
//
//    public OauthResourceConfig(DataSource dataSource) {
//        this.dataSource = dataSource;
//    }
//
//    /**
//     * 指定token的持久化策略
//     * 其下有   RedisTokenStore保存到redis中，
//     * JdbcTokenStore保存到数据库中，
//     * InMemoryTokenStore保存到内存中等实现类，
//     * 这里我们选择保存在数据库中
//     *
//     * @return
//     */
//    @Bean
//    public TokenStore jdbcTokenStore() {
//        return new JdbcTokenStore(dataSource);
//    }
//
//    @Override
//    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
//        resources.resourceId("resource")//指定当前资源的id，非常重要！必须写！
//                .tokenStore(jdbcTokenStore());//指定保存token的方式
//    }
//
//    @Override
//    public void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests()
//                //指定不同请求方式访问资源所需要的权限，一般查询是read，其余是write。
//                .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
//                .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
//                .antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
//                .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
//                .antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')")
//                .and()
//                .headers().addHeaderWriter((request, response) -> {
//            response.addHeader("Access-Control-Allow-Origin", "*");//允许跨域
//            if ("OPTIONS".equals(request.getMethod())) {//如果是跨域的预检请求，则原封不动向下传达请求头信息
//                response.setHeader("Access-Control-Allow-Methods", request.getHeader("Access-Control-Request-Method"));
//                response.setHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers"));
//            }
//        });
//    }
//}
